Sorry, to answer your question from a few days ago, LDAP logins aren't
currently working at all for me, either from the web UI or from post-review.

Ian

On Thu, Nov 10, 2011 at 2:54 AM, Nilesh Jaiswal <nileshj...@gmail.com>wrote:

>
> Hi Chris,
>
> The changes are done are as below please find the snippet.
>
> class LDAPBackend(AuthBackend):
>     """Authenticate against a user on an LDAP server."""
>     name = _('LDAP')
>     settings_form = LDAPSettingsForm
>
>     def authenticate(self, username, password):
>         username = username.strip()
>         uid = settings.LDAP_UID_MASK % username
>         logging.info("Start Authenticating username: %s" % username)
>         logging.info("User UID is : %s" % uid)
>         try:
>             import ldap
>             ldapo = ldap.initialize(settings.LDAP_URI)
>             ldapo.set_option(ldap.OPT_REFERRALS, 0)
>             ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
>             if settings.LDAP_TLS:
>                 ldapo.start_tls_s()
>
>         *    # May need to log in as the anonymous user before searching.
>             Filter = '(&(objectClass=*)(sAMAccountName=%s))' % username
>             Attrs=['displayName']
> *
>             if settings.LDAP_ANON_BIND_UID:
>                 ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID,
>                                     settings.LDAP_ANON_BIND_PASSWD)
>
>            *search = ldapo.search(settings.LDAP_BASE_DN,
> ldap.SCOPE_SUBTREE, Filter, Attrs)*
>
>             if not search:
>                 # no such a user, return early, no need for bind attempts
>                 logging.warning("LDAP error: The specified object does not
> "
>                                 "exist in the Directory: %s" %
>                                 uid)
>                 return None
> *            # Adding my code Start
>             search = ldapo.search_s(settings.LDAP_BASE_DN,
> ldap.SCOPE_SUBTREE, Filter)
>             # Adding my code End
> *
>
> Similar changes in
>     def get_or_create_user(self, username):
>
> *                Filter = '(&(objectClass=*)(sAMAccountName=%s))' %
> username
>                 Attrs=['displayName']
> #                passwd = ldapo.search_s(settings.LDAP_BASE_DN,
> #                                        ldap.SCOPE_SUBTREE,
> #                                        settings.LDAP_UID_MASK % username)
>                 passwd = ldapo.search_s(settings.LDAP_BASE_DN,
>                                         ldap.SCOPE_SUBTREE, Filter, Attrs)
> *            if len(password) == 0:
>                 # Don't try to bind using an empty password; the server
> will
>                 # return success, which doesn't mean we have authenticated.
>                 # http://tools.ietf.org/html/rfc4513#section-5.1.2
>                 # http://tools.ietf.org/html/rfc4513#section-6.3.1
>                 logging.warning("Empty password for: %s" % uid)
>                 return None
>
>             ldapo.bind_s(search[0][0], password)
>
>             return self.get_or_create_user(username)
>
>
> After this changes i was able to authenticate using LDAP user from RB GUI.
> This is my customize fix, if you have better fix please let us know.
>
> Regards,
> Nilesh
>
> On Thu, Nov 10, 2011 at 3:52 PM, Christian Hammond <chip...@chipx86.com>wrote:
>
>> Can you tell me what change you made? I'd like to get a fix into a
>> release.
>>
>>
>> Christian
>>
>> --
>> Christian Hammond - chip...@chipx86.com
>> Review Board - http://www.reviewboard.org
>> VMware, Inc. - http://www.vmware.com
>>
>>
>> On Wed, Nov 9, 2011 at 11:45 PM, Nilesh Jaiswal <nileshj...@gmail.com>wrote:
>>
>>> Its seems, you need to make the changes in the backends.py to add the
>>> filter for the LDAP user, I was also facing this issue then i add the
>>> filter and it started working for me
>>>
>>>
>>> On Tue, Nov 8, 2011 at 4:58 AM, Christian Hammond 
>>> <chip...@chipx86.com>wrote:
>>>
>>>> Hi,
>>>>
>>>> Are you just having trouble with API logins using post-review, or the
>>>> website as well?
>>>>
>>>> There are some issues we haven't yet tracked down specifically with
>>>> LDAP logins with the API. I honestly don't know what's going on there, and
>>>> nobody who has such a setup has been able to debug enough to figure out the
>>>> root cause.
>>>>
>>>> Christian
>>>>
>>>> --
>>>> Christian Hammond - chip...@chipx86.com
>>>> Review Board - http://www.reviewboard.org
>>>> VMware, Inc. - http://www.vmware.com
>>>>
>>>>
>>>>
>>>> On Mon, Nov 7, 2011 at 2:41 PM, Mail Team <email....@gmail.com> wrote:
>>>>
>>>>> And the server is ReviewBoard 1.6.1 with Django 1.3.1, Djblets 0.6.13,
>>>>> django_evolution 0.6.5.
>>>>>
>>>>> Ian
>>>>>
>>>>>
>>>>> On Sun, Nov 6, 2011 at 1:13 AM, Mail Team <email....@gmail.com> wrote:
>>>>>
>>>>>> And the client was using Python 2.7 all along.  It was using RBTools
>>>>>> 0.3.3, I tried updating them to 0.3.4 but that didn't make a difference.
>>>>>>
>>>>>> Ian
>>>>>>
>>>>>>
>>>>>> On Sun, Nov 6, 2011 at 1:12 AM, Mail Team <email....@gmail.com>wrote:
>>>>>>
>>>>>>> A bit more info:
>>>>>>> My old server used Python 2.6, my new server uses 2.7.
>>>>>>>
>>>>>>> $ post-review --debug -o dummyfile
>>>>>>> >>> RBTools 0.3.4
>>>>>>> >>> Home = /path/to/my/home
>>>>>>> >>> svn info
>>>>>>> >>> diff --version
>>>>>>> >>> repository info: Path: svn+ssh://my.repository/url, Base path:
>>>>>>> /trunk, Supports changesets: False
>>>>>>> >>> svn propget reviewboard:url /path/to/my/working/copy/trunk
>>>>>>> >>> HTTP GETting api/
>>>>>>> >>> HTTP GETting http://my.reviewboard.server/codereviews/api/info/
>>>>>>> ==> HTTP Authentication Required
>>>>>>> Enter authorization information for "Web API" at mailteam.apple.com
>>>>>>> Username: iana
>>>>>>> Password:
>>>>>>> >>> Got API Error 103 (HTTP code 401): You are not logged in
>>>>>>> >>> Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not
>>>>>>> logged in', u'code': 103}}
>>>>>>> Unable to log in with the supplied username and password.
>>>>>>>
>>>>>>> When I use post-review as above, I do get some logs but they're not
>>>>>>> all that helpful to me.
>>>>>>> DEBUG Attempting authentication on API for user iana
>>>>>>> DEBUG API Login failed. No valid user found.
>>>>>>>
>>>>>>> On Sun, Nov 6, 2011 at 1:43 AM, Mail Team <email....@gmail.com>wrote:
>>>>>>>
>>>>>>>> I moved my Review Board installation to a new server via rb-site
>>>>>>>> manage dumpdata/loaddata which seemed to go fine, but now LDAP logins 
>>>>>>>> don't
>>>>>>>> work.  If I go into the admin interface and click on Logs, there's 
>>>>>>>> nothing.
>>>>>>>>  Any idea how I could debug this? Any silly gotchas that I might be 
>>>>>>>> missing?
>>>>>>>>
>>>>>>>> Ian
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>  --
>>>>> Want to help the Review Board project? Donate today at
>>>>> http://www.reviewboard.org/donate/
>>>>> Happy user? Let us know at http://www.reviewboard.org/users/
>>>>> -~----------~----~----~----~------~----~------~--~---
>>>>> To unsubscribe from this group, send email to
>>>>> reviewboard+unsubscr...@googlegroups.com
>>>>> For more options, visit this group at
>>>>> http://groups.google.com/group/reviewboard?hl=en
>>>>>
>>>>
>>>>  --
>>>> Want to help the Review Board project? Donate today at
>>>> http://www.reviewboard.org/donate/
>>>> Happy user? Let us know at http://www.reviewboard.org/users/
>>>> -~----------~----~----~----~------~----~------~--~---
>>>> To unsubscribe from this group, send email to
>>>> reviewboard+unsubscr...@googlegroups.com
>>>> For more options, visit this group at
>>>> http://groups.google.com/group/reviewboard?hl=en
>>>>
>>>
>>>  --
>>> Want to help the Review Board project? Donate today at
>>> http://www.reviewboard.org/donate/
>>> Happy user? Let us know at http://www.reviewboard.org/users/
>>> -~----------~----~----~----~------~----~------~--~---
>>> To unsubscribe from this group, send email to
>>> reviewboard+unsubscr...@googlegroups.com
>>> For more options, visit this group at
>>> http://groups.google.com/group/reviewboard?hl=en
>>>
>>
>>  --
>> Want to help the Review Board project? Donate today at
>> http://www.reviewboard.org/donate/
>> Happy user? Let us know at http://www.reviewboard.org/users/
>> -~----------~----~----~----~------~----~------~--~---
>> To unsubscribe from this group, send email to
>> reviewboard+unsubscr...@googlegroups.com
>> For more options, visit this group at
>> http://groups.google.com/group/reviewboard?hl=en
>>
>
>  --
> Want to help the Review Board project? Donate today at
> http://www.reviewboard.org/donate/
> Happy user? Let us know at http://www.reviewboard.org/users/
> -~----------~----~----~----~------~----~------~--~---
> To unsubscribe from this group, send email to
> reviewboard+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/reviewboard?hl=en
>

-- 
Want to help the Review Board project? Donate today at 
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to 
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/reviewboard?hl=en

Reply via email to